Debian Security Advisory

DLA-38-1 wireshark -- LTS security update

Date Reported:
20 Aug 2014
Affected Packages:
wireshark
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-5161, CVE-2014-5162, CVE-2014-5163.
More information:
  • CVE-2014-5161, CVE-2014-5162:

    The Catapult DCT2000 and IrDA dissectors could underrun a buffer. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

  • CVE-2014-5163:

    The GSM Management dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

For Debian 6 Squeeze, these issues have been fixed in wireshark version 1.2.11-6+squeeze15.